1-4
A referenced time range can be one that has not been created yet. The rule, however, can take effect
only after the time range is defined and becomes active.
IP Fragments Filtering with ACL
Traditional packet filtering performs match operation on, rather than all IP fragments, the first ones only.
All subsequent non-first fragments are handled in the way the first fragments are handled. This causes
security risk as attackers may fabricate non-first fragments to attack your network.
As for the configuration of a rule of an IPv4 ACL, the fragment keyword specifies that the rule applies to
non-first fragment packets only, and does not apply to non-fragment packets or the first fragment
packets. ACL rules that do not contain this keyword is applicable to both non-fragment packets and
fragment packets.
ACL Application
ACLs are widely used in technologies. One typical application is to apply different types of ACLs for
traffic filtering. For details, refer to
ACL Application for Packet Filtering.
In addition, ACLs can be used in such fields as routing, security, and QoS. For configuration details,
refer to the related parts of this configuration manual.
To Next Page
Loading...
Need help?
General